Revert exec: avoid RLIMIT_STACK races with prlimit()
This commit is contained in:
parent
5f85324ce1
commit
d04c5ccc65
|
@ -0,0 +1,50 @@
|
|||
From patchwork Tue Dec 12 19:28:38 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Subject: Revert "exec: avoid RLIMIT_STACK races with prlimit()"
|
||||
From: Kees Cook <keescook@chromium.org>
|
||||
X-Patchwork-Id: 10108209
|
||||
Message-Id: <20171212192838.GA14592@beast>
|
||||
To: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Laura Abbott <labbott@redhat.com>,
|
||||
=?utf-8?B?VG9tw6HFoQ==?= Trnka <trnka@scm.com>,
|
||||
linux-kernel@vger.kernel.org
|
||||
Date: Tue, 12 Dec 2017 11:28:38 -0800
|
||||
|
||||
This reverts commit 04e35f4495dd560db30c25efca4eecae8ec8c375.
|
||||
|
||||
SELinux runs with secureexec for all non-"noatsecure" domain transitions,
|
||||
which means lots of processes end up hitting the stack hard-limit change
|
||||
that was introduced in order to fix a race with prlimit(). That race fix
|
||||
will need to be redesigned.
|
||||
|
||||
Reported-by: Laura Abbott <labbott@redhat.com>
|
||||
Reported-by: Tomáš Trnka <trnka@scm.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||||
---
|
||||
fs/exec.c | 7 +------
|
||||
1 file changed, 1 insertion(+), 6 deletions(-)
|
||||
|
||||
diff --git a/fs/exec.c b/fs/exec.c
|
||||
index 6be2aa0ab26f..1d6243d9f2b6 100644
|
||||
--- a/fs/exec.c
|
||||
+++ b/fs/exec.c
|
||||
@@ -1340,15 +1340,10 @@ void setup_new_exec(struct linux_binprm * bprm)
|
||||
* avoid bad behavior from the prior rlimits. This has to
|
||||
* happen before arch_pick_mmap_layout(), which examines
|
||||
* RLIMIT_STACK, but after the point of no return to avoid
|
||||
- * races from other threads changing the limits. This also
|
||||
- * must be protected from races with prlimit() calls.
|
||||
+ * needing to clean up the change on failure.
|
||||
*/
|
||||
- task_lock(current->group_leader);
|
||||
if (current->signal->rlim[RLIMIT_STACK].rlim_cur > _STK_LIM)
|
||||
current->signal->rlim[RLIMIT_STACK].rlim_cur = _STK_LIM;
|
||||
- if (current->signal->rlim[RLIMIT_STACK].rlim_max > _STK_LIM)
|
||||
- current->signal->rlim[RLIMIT_STACK].rlim_max = _STK_LIM;
|
||||
- task_unlock(current->group_leader);
|
||||
}
|
||||
|
||||
arch_pick_mmap_layout(current->mm);
|
|
@ -632,6 +632,10 @@ Patch500: dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
|
|||
# rhbz 1525474 1525476
|
||||
Patch501: USB-core-prevent-malicious-bNumInterfaces-overflow.patch
|
||||
|
||||
# https://patchwork.kernel.org/patch/10108209/
|
||||
# https://marc.info/?l=linux-kernel&m=151307686618795
|
||||
Patch502: Revert-exec-avoid-RLIMIT_STACK-races-with-prlimit.patch
|
||||
|
||||
# 600 - Patches for improved Bay and Cherry Trail device support
|
||||
# Below patches are submitted upstream, awaiting review / merging
|
||||
Patch601: 0001-Input-gpio_keys-Allow-suppression-of-input-events-fo.patch
|
||||
|
@ -2212,6 +2216,7 @@ fi
|
|||
%changelog
|
||||
* Wed Dec 13 2017 Jeremy Cline <jeremy@jcline.org>
|
||||
- Fix CVE-2017-17558 (rhbz 1525474 1525476)
|
||||
- Revert exec: avoid RLIMIT_STACK races with prlimit()
|
||||
|
||||
* Tue Dec 12 2017 Jeremy Cline <jeremy@jcline.org>
|
||||
- Fix CVE-2017-8824 (rhbz 1519591 1520764)
|
||||
|
|
Loading…
Reference in New Issue